module LockDown
  module Session
    module Configure
      protected
      
      def session_expiry
        if session[:expiry_time] && session[:expiry_time] < Time.now
          reset_session
          store_permissions
          unless access_approved?(params[:controller], params[:action])
            redirect_to(login_url) 
            return
          end
        end
        session[:expiry_time] = Time.now + LockDown::SESSION_TIMEOUT
      end

      def store_session_user(user)
        return if user.nil?
        session[:user_id] = user.id
        session[:user_name] =  user.first_name.dup + " " + user.last_name.dup
        session[:user_role_id] = user.role_id
        ug = Array.new
        user.user_group.each{|g| ug << g.id}
        session[:user_groups] = ug 
        session[:updater_id] = user.updater_id
        session[:allowed_urls] = user.allowed_urls if user.respond_to?(:allowed_urls)
      end

      def store_permissions
        return unless session[:permissions].nil? || session[:permissions].empty?
        session[:permissons] = LockDown.public_actions
      end

      def store_locations
        session[:continue_on] = request.request_uri
        if request.method == :get
          session[:prevpage] = session[:thispage] || ''
          session[:thispage] = session[:continue_on]
        end
      end
    end #end Configure module
    
    module Access
      protected
      
      def current_user_is_visitor?
        !user?
      end

      def user?
         !session[:user_id].nil?
      end

      def user_name
        session[:user_name]
      end

      def current_user
       return User.find(current_user_id)
      rescue ActiveRecord::RecordNotFound
       return nil
      end

      def current_user_id
       return session[:user_id] || -1
      end

      def current_updater_id
       return session[:updater_id] || -1
      end

      def current_user_role
       Role.find(current_user_role_id) if user?
      end

      def current_user_role_id
       return session[:user_role_id] || -1
      end

      def current_user_has_access?(user_group_ids)
       return true if current_user_is_site_admin?
       return true if user_group_ids.nil? || user_group_ids.empty?
       if session[:user_groups]
         user_group_ids.each do |ugid|
           return true if session[:user_groups].include?(ugid)
         end
       end
       return false
      end
      
      def access_in_categories?(cat_array)
        rvalue = false
        cat_array.each do |category|
          rvalue = true if permissions_have_controller?(category)
        end
        rvalue
      end

      def access_to_category?(category, exclude_links = [])
        return permissions_have_controller?(category, exclude_links)
      end
      
      private
        def permissions_have_controller?(category, exclude_links = [])
          category = format_controller(category)
          session[:permissions].each do |perm|
            next if exclude_links.include?(perm)
            return true if perm =~ /^#{category}/
          end
          return false
        end
      
    end # end Access module
  end # end Session module
end # end LockDown module